Within a chassis or enclosure of a compute node, a computer system or host, there may be hundreds of pluggable components, from temperature sensors and power supplies to memory modules and processors. Within a rack or a cluster of compute nodes, there may be thousands of such components. However, each component may represent a security vulnerability, i.e., a potential attack vector. A component may be a potential attack vector if the component is counterfeit or contains malware that may compromise the compute node. One potential way to infect a component with malware is to corrupt the firmware that is used to operate the component. Hence, identifying infected components is useful for preventing their use.